This is a note to let you know that I've just added the patch titled selinux: fix memleak in security_read_state_kernel() to the 5.19-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: selinux-fix-memleak-in-security_read_state_kernel.patch and it can be found in the queue-5.19 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit b6ae71089ef5b109851cb5a8a9681e61cc27a15f Author: Xiu Jianfeng <xiujianfeng@xxxxxxxxxx> Date: Mon Jun 13 21:59:53 2022 +0800 selinux: fix memleak in security_read_state_kernel() [ Upstream commit 73de1befcc53a7c68b0c5e76b9b5ac41c517760f ] In this function, it directly returns the result of __security_read_policy without freeing the allocated memory in *data, cause memory leak issue, so free the memory if __security_read_policy failed. Signed-off-by: Xiu Jianfeng <xiujianfeng@xxxxxxxxxx> [PM: subject line tweak] Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 69b2734311a6..fe5fcf571c56 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -4048,6 +4048,7 @@ int security_read_policy(struct selinux_state *state, int security_read_state_kernel(struct selinux_state *state, void **data, size_t *len) { + int err; struct selinux_policy *policy; policy = rcu_dereference_protected( @@ -4060,5 +4061,11 @@ int security_read_state_kernel(struct selinux_state *state, if (!*data) return -ENOMEM; - return __security_read_policy(policy, *data, len); + err = __security_read_policy(policy, *data, len); + if (err) { + vfree(*data); + *data = NULL; + *len = 0; + } + return err; }